Allow idv/confirmations_controller #show and #download out of order (LG-4847)

app/controllers/idv/confirmations_controller.rb

@@ -19,16 +19,10 @@ def update
     end
 
     def download
-      personal_key = user_session[:personal_key]
+      code = personal_key
 
-      analytics.track_event(Analytics::IDV_DOWNLOAD_PERSONAL_KEY, success: personal_key.present?)
-
-      if personal_key.present?
-        data = personal_key + "\r\n"
-        send_data data, filename: 'personal_key.txt'
-      else
-        head :bad_request
-      end
+      analytics.track_event(Analytics::IDV_DOWNLOAD_PERSONAL_KEY, success: code.present?)
+      send_data "#{code}\r\n", filename: 'personal_key.txt'
     end
 
     private
@@ -71,8 +65,6 @@ def add_proofing_component
 
     def finish_idv_session
       @code = personal_key
-      user_session[:personal_key] = @code
-      idv_session.personal_key = nil
 
       if idv_session.address_verification_mechanism == 'gpo'
         flash.now[:success] = t('idv.messages.mail_sent')
@@ -83,7 +75,7 @@ def finish_idv_session
     end
 
     def personal_key
-      idv_session.personal_key || generate_personal_key
+      user_session[:personal_key] ||= generate_personal_key
     end
 
     def generate_personal_key

app/services/idv/session.rb

@@ -14,7 +14,6 @@ class Session
       profile_confirmation
       profile_id
       profile_step_params
-      personal_key
       resolution_successful
       step_attempts
     ].freeze
@@ -52,7 +51,6 @@ def create_profile_from_applicant_with_password(user_password)
       profile = profile_maker.save_profile
       self.pii = profile_maker.pii_attributes
       self.profile_id = profile.id
-      self.personal_key = profile.personal_key
     end
 
     def cache_encrypted_pii(password)

spec/controllers/idv/confirmations_controller_spec.rb

@@ -21,7 +21,7 @@ def stub_idv_session
     profile = profile_maker.save_profile
     idv_session.pii = profile_maker.pii_attributes
     idv_session.profile_id = profile.id
-    idv_session.personal_key = profile.personal_key
+    subject.user_session[:personal_key] = profile.personal_key
     allow(subject).to receive(:idv_session).and_return(idv_session)
   end
 
@@ -95,7 +95,7 @@ def index
 
     it 'sets code instance variable' do
       subject.idv_session.create_profile_from_applicant_with_password(password)
-      code = subject.idv_session.personal_key
+      code = subject.user_session[:personal_key]
 
       get :show
 
@@ -226,7 +226,7 @@ def index
 
     it 'allows download of code' do
       subject.idv_session.create_profile_from_applicant_with_password(password)
-      code = subject.idv_session.personal_key
+      code = subject.user_session[:personal_key]
 
       get :show
       get :download
@@ -236,11 +236,25 @@ def index
       expect(@analytics).to have_logged_event(Analytics::IDV_DOWNLOAD_PERSONAL_KEY, success: true)
     end
 
-    it 'is a bad request when there is no personal_key in the session' do
+    it 'can be called separately from #show' do
       get :download
 
-      expect(response).to be_bad_request
-      expect(@analytics).to have_logged_event(Analytics::IDV_DOWNLOAD_PERSONAL_KEY, success: false)
+      expect(response).to be_ok
+
+      code = subject.user_session[:personal_key]
+      expect(response.body).to eq(code + "\r\n")
+    end
+
+    it 'can be called out of order and have the same code as #show' do
+      subject.user_session[:personal_key] = nil
+
+      expect { get :download }.to change { subject.user_session[:personal_key] }.from(nil)
+
+      expect(response).to be_ok
+      code = response.body.chomp
+
+      get :show
+      expect(assigns(:code)).to eq(code)
     end
   end
 end